Fraudulent activity on the Internet takes many forms. Amongst the fraudulent activities that take place are the deceptive use of websites to collect information from unsuspecting users. In some cases, criminals attempt to obtain sensitive information from users by offering websites that look like legitimate sites, either resembling the look or uniform resource locator (URL) of a legitimate site or by presenting a professional looking site offering what appear to be legitimate services.
However, these sites are facades designed to induce the user to provide sensitive data such as credit card, social security, address and similar information to the criminals. Often these sites include web forms that are used to collect the sensitive information. The data is then sent to a location accessible by the criminals that created the site. The location is typically an email account separate from the website where the criminals collect the data obtained from the users for use in fraudulent activity often relying on identity theft and misuse of credit card data.
Current security software for assisting web browsers is focused on protecting the user from unwanted viruses, trojans, malicious scripts and similar programs that are designed to infiltrate the system of the user. These security programs often scan websites and incoming data for malicious code and block the incoming data if it is detected. However, websites that collect data from the user through a standard web form do not trigger these security programs.
The security settings in a web browser take a similar approach in focusing on blocking or restricting unwanted data coming into the web browser's system. These security settings may force a user to approve the storage of cookies or the generation of a pop-up window before either will be allowed. However, these security features do not provide information about the cookie or pop-up that is to be considered. As a result, the user is forced to make an uninformed decision and ultimately is unable to take advantage of legitimate services offered or must allow actions to take place that the user is not able to know how it will affect his system. Legitimate websites use secure connections to obtain sensitive data from users. The use of a secured connection initiates a check of security certificates by the web browser and similar security checks. However, a novice user may not notice that the fraudulent website does not use secured connections that initiate such checks.